neconyd | b6f4480086f4978357faae02c63e9962dc5e576e854939f9f5ebe4c0d280bd27 | Triage

Sharing

General

Target

b6f4480086f4978357faae02c63e9962dc5e576e854939f9f5ebe4c0d280bd27
Size

96KB
Sample

250110-hp5nqswles
MD5

e1b93335be80e38d60faa0995501b964
SHA1

a3ad93a38cd65ac73a57e68a2c87e2ff16a509ed
SHA256

b6f4480086f4978357faae02c63e9962dc5e576e854939f9f5ebe4c0d280bd27
SHA512

cd0832b92998c34487b4c60b2e4cc66a59e719a14b857bf3b56af43fefcb1ec31bb33b7c3dff7edea574c6a594878360ec47f57a61cdeb6c404bf6d3505e4867
SSDEEP

1536:1nAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxb:1Gs8cd8eXlYairZYqMddH13b

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  b6f4480086f4978357faae02c63e9962dc5e576e854939f9f5ebe4c0d280bd27
- Size
  
  96KB
- MD5
  
  e1b93335be80e38d60faa0995501b964
- SHA1
  
  a3ad93a38cd65ac73a57e68a2c87e2ff16a509ed
- SHA256
  
  b6f4480086f4978357faae02c63e9962dc5e576e854939f9f5ebe4c0d280bd27
- SHA512
  
  cd0832b92998c34487b4c60b2e4cc66a59e719a14b857bf3b56af43fefcb1ec31bb33b7c3dff7edea574c6a594878360ec47f57a61cdeb6c404bf6d3505e4867
- SSDEEP
  
  1536:1nAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxb:1Gs8cd8eXlYairZYqMddH13b
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan